gabriel/muse — blame/sha256:1/test_agent_seed_zeroing.py

1 files

1 commits

0 hotspots

0 🧊 dead

0 💥 blast risk

sha256:4 Merge branch 'dev' into main · gabriel · Jun 17, 2026

1	"""Tests for DerivedKey zeroing in muse/cli/commands/agent.py.
2
3	_sub_seed_to_public derives an Ed25519 key from a sub-seed via derive_identity_key(),
4	then calls dk.zero() to overwrite the private scalar and chain code before returning.
5	DerivedKey fields are bytearray, so dk.zero() genuinely overwrites the live buffer.
6
7	Coverage
8	--------
9	I _sub_seed_to_public zeroes DerivedKey
10	I1 DerivedKey.private_bytes is zeroed after _sub_seed_to_public returns
11	I2 DerivedKey.chain_code is zeroed after _sub_seed_to_public returns
12	"""
13
14	from __future__ import annotations
15
16	from unittest.mock import patch
17
18	from muse.core import hdkeys as _hdkeys
19	from muse.core.bip39 import mnemonic_to_seed
20	from muse.core.hdkeys import derive_agent_sub_seed, DOMAIN_IDENTITY
21	from muse.core.slip010 import DerivedKey
22
23	_MNEMONIC = (
24	"abandon abandon abandon abandon abandon abandon abandon abandon "
25	"abandon abandon abandon about"
26	)
27	_SEED = mnemonic_to_seed(_MNEMONIC)
28	_SUB_SEED = derive_agent_sub_seed(_SEED, domain=DOMAIN_IDENTITY, agent_id=0)
29
30
31	class TestSubSeedToPublicZeroesDerivedKey:
32	def test_I1_private_bytes_zeroed(self) -> None:
33	"""I1: DerivedKey.private_bytes is zeroed after _sub_seed_to_public returns."""
34	from muse.cli.commands.agent import _sub_seed_to_public
35
36	captured: list[DerivedKey] = []
37	original_derive = _hdkeys.derive_identity_key
38
39	def capturing_derive(args: int \| bytes, *kwargs: int) -> DerivedKey:
40	dk = original_derive(args, *kwargs)
41	captured.append(dk)
42	return dk
43
44	with patch.object(_hdkeys, "derive_identity_key", side_effect=capturing_derive):
45	_sub_seed_to_public(bytes(_SUB_SEED))
46
47	assert captured, "derive_identity_key was not called"
48	dk = captured[0]
49	assert dk.private_bytes == bytearray(32), (
50	"DerivedKey.private_bytes must be zeroed after _sub_seed_to_public"
51	)
52
53	def test_I2_chain_code_zeroed(self) -> None:
54	"""I2: DerivedKey.chain_code is zeroed after _sub_seed_to_public returns."""
55	from muse.cli.commands.agent import _sub_seed_to_public
56
57	captured: list[DerivedKey] = []
58	original_derive = _hdkeys.derive_identity_key
59
60	def capturing_derive(args: int \| bytes, *kwargs: int) -> DerivedKey:
61	dk = original_derive(args, *kwargs)
62	captured.append(dk)
63	return dk
64
65	with patch.object(_hdkeys, "derive_identity_key", side_effect=capturing_derive):
66	_sub_seed_to_public(bytes(_SUB_SEED))
67
68	assert captured, "derive_identity_key was not called"
69	dk = captured[0]
70	assert dk.chain_code == bytearray(32), (
71	"DerivedKey.chain_code must be zeroed after _sub_seed_to_public"
72	)

test_agent_seed_zeroing.py file-level

`test_agent_seed_zeroing.py` file-level